RustDesk and Traefik Docker Compose Configuration

docker-compose.yml

# A minimal configuration to host a RustDesk server with Traefik v3 (also works with Traefik v2).
#
# This configuration is based on a single Rustdesk container hosting the two hbbr and hbbs services
# instead of running two separate containers as in the official documentation.
# See https://rustdesk.com/docs/en/self-host/rustdesk-server-oss/docker/ for more information.
#
# This configuration is adapted from https://gist.github.com/FracKenA/5015150a6057afe9a22bf2e4b9d5f2b6.
#
# Pay attention to the comments in the file and adapt the configuration to your needs.
# Once deployed you must configure the Rustdesk client in the Network tab to use the domain
# name of the relay server and the port 21117.
# ID server: DOMAIN_NAME:21116
# Relay server: DOMAIN_NAME:21117
# Key: THE_PUBLIC_KEY

version: "3"
services:
  # Traefik proxy
  #
  # This traefik configuration is the strict minimum to make Rustdesk work without any other services
  # such as Traefik dashboard. Adapt it to your needs.
  traefik:
    container_name: traefik
    image: traefik:v3.0
    ports:
      # Rustdesk ports
      # Those MUST be open on your router and firewall and forwarded to the host running
      # this docker-compose file.
      - 21115:21115/tcp
      - 21116:21116/tcp
      - 21117:21117/tcp
      - 21118:21118/tcp
      - 21119:21119/tcp
      - 21116:21116/udp
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped
    command:
      - --global.checkNewVersion=false
      - --global.sendAnonymousUSage=false
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --log.level=INFO
      - --accesslog.filters.statuscodes=400-499
      # Rustdesk entrypoints
      - --entrypoints.rd5-tcp.address=:21115/tcp # ID Server - NAT type test
      - --entrypoints.rd6-tcp.address=:21116/tcp # ID Server - TCP hole punching
      - --entrypoints.rd6-udp.address=:21116/udp # ID Server - ID registration and heartbeat
      - --entrypoints.rd8-tcp.address=:21118/tcp # ID Server - Web client
      - --entrypoints.rd7-tcp.address=:21117/tcp # Relay Server - Relay services
      - --entrypoints.rd9-tcp.address=:21119/tcp # Relay Server - Web client

  # RustDesk ID/Rendezvous server and Relay server
  #
  # This container uses rustdesk-server-s6 instead of rustdesk-server. The difference is that
  # rustdesk-server-s6 is based on s6-overlay which runs the two services hbbr and hbbs in the same
  # container.
  rustdesk:
    container_name: rustdesk
    image: rustdesk/rustdesk-server-s6:latest
    volumes:
      - LOCAL_DIR_TO_HOST_THE_DATABASE:/db
      - LOCAL_DIR_TO_HOST_THE_KEYS:/data
    restart: unless-stopped
    environment:
      - RELAY=DOMAIN_NAME:21117
      - ENCRYPTED_ONLY=1
      - DB_URL=/db/db_v2.sqlite3
      # The private and public keys must be generated with the following command:
      # Generate the private key: `openssl genpkey -algorithm Ed25519 -out private.key`
      # Generate the public key: `openssl pkey -in private.key -pubout -out public.key`
      # Display botk keys and copy them below: `cat private.key public.key`
      # openssl rsa -in private.pem -pubout -out public.pem
      - KEY_PRIV=THE_PRIVATE_KEY
      - KEY_PUB=THE_PUBLIC_KEY
      - RUST_LOG=debug
    labels:
      - traefik.enable=true
      # 21115/tcp
      - traefik.tcp.routers.rustdesk-rd5.entrypoints=rd5-tcp
      - traefik.tcp.routers.rustdesk-rd5.rule=HostSNI(`*`)
      - traefik.tcp.routers.rustdesk-rd5.service=rustdesk-rd5
      - traefik.tcp.services.rustdesk-rd5.loadbalancer.server.port=21115
      - traefik.tcp.routers.rustdesk-rd5.tls=false
      - traefik.tcp.routers.rustdesk-rd5.tls.passthrough=true
      # 21116/tcp
      - traefik.tcp.routers.rustdesk-rd6.entrypoints=rd6-tcp
      - traefik.tcp.routers.rustdesk-rd6.rule=HostSNI(`*`)
      - traefik.tcp.routers.rustdesk-rd6.service=rustdesk-rd6
      - traefik.tcp.services.rustdesk-rd6.loadbalancer.server.port=21116
      - traefik.tcp.routers.rustdesk-rd6.tls=false
      - traefik.tcp.routers.rustdesk-rd6.tls.passthrough=true
      # 21118/tcp
      - traefik.tcp.routers.rustdesk-rd8.entrypoints=rd8-tcp
      - traefik.tcp.routers.rustdesk-rd8.rule=HostSNI(`*`)
      - traefik.tcp.routers.rustdesk-rd8.service=rustdesk-rd8
      - traefik.tcp.services.rustdesk-rd8.loadbalancer.server.port=21118
      - traefik.tcp.routers.rustdesk-rd8.tls=false
      - traefik.tcp.routers.rustdesk-rd8.tls.passthrough=true
      # 21116/udp
      - traefik.udp.routers.rustdesk-rd6.entrypoints=rd6-udp
      - traefik.udp.routers.rustdesk-rd6.service=rustdesk-rd6
      - traefik.udp.services.rustdesk-rd6.loadbalancer.server.port=21116
      # 21117/tcp
      - traefik.tcp.routers.rustdesk-rd7.entrypoints=rd7-tcp
      - traefik.tcp.routers.rustdesk-rd7.rule=HostSNI(`*`)
      - traefik.tcp.routers.rustdesk-rd7.service=rustdesk-rd7
      - traefik.tcp.services.rustdesk-rd7.loadbalancer.server.port=21117
      - traefik.tcp.routers.rustdesk-rd7.tls=false
      - traefik.tcp.routers.rustdesk-rd7.tls.passthrough=true
      # 21119/tcp
      - traefik.tcp.routers.rustdesk-rd9.entrypoints=rd9-tcp
      - traefik.tcp.routers.rustdesk-rd9.rule=HostSNI(`*`)
      - traefik.tcp.routers.rustdesk-rd9.service=rustdesk-rd9
      - traefik.tcp.services.rustdesk-rd9.loadbalancer.server.port=21119
      - traefik.tcp.routers.rustdesk-rd9.tls=false
      - traefik.tcp.routers.rustdesk-rd9.tls.passthrough=true

as per official documentation the keys can be generated using docker run --rm --entrypoint /usr/bin/rustdesk-utils rustdesk/rustdesk-server-s6:latest genkeypair. This worked for me, the gist should be updated with this command.